On Mon, Aug 12, 2013 at 04:39:27PM +0200, Stefano Babic wrote:
(header for Freescale's i.MX processors) to allow the usage of Freescale's tools to sign the u-boot image and provide a secure boot.
This has nothing to do with the Secure Boot extensions implemented by Simon Glass, that can be in any case used to boot later a secure image. Freescale's secure boot ensures that a signed bootloader is started only if it is verified with a key that is burned into the iMX fuses. Documentation about the Freescale's secure process can be read from the AN4591, available on the Freescale's Website.
Where does Marek's patch fall in here exactly? Should he be based on top of yours, yours on his? It should all go via u-boot-imx, so you'll have to do the merging anyhow :) And on that note, things seem as sane as they're likley going to be, with the caveat of what you've already said you'll v3.